CKA Forums
PostPosted: Thu Aug 27, 2015 1:14 pm
 


Full title: Most California state agencies wide open to hackers, audit finds

http://www.washingtonexaminer.com/most- ... le/2570917

EXCERPT go to the link for the whole story! It's a good one! [B-o]

Quote:
The overwhelming majority of California's state agencies are ill-prepared to defend against cyberattacks, according to the state auditor, putting Social Security numbers, health records, and income tax information at risk for millions of Californians.

In a report issued on Tuesday, state auditor Elaine Howle said 73 of 77 state agencies that her department reviewed had not achieved compliance with cybersecurity standards. The California Department of Technology, responsible for ensuring the integrity of the state's information systems, "does not provide adequate oversight or guidance to reporting entities," Howle wrote.

So as not to provide a guide for hackers on which agencies to target, they were not identified by name. While four reported full compliance with security standards, one reported complete noncompliance, and the rest reported partial compliance.

Asked by the Washington Examiner how California had managed to avoid any major breaches of their computer systems to date, Howle responded, "I really don't have an answer to that question." The important thing going forward, she said, is "to make sure state agencies follow the guidelines and the standards that are out there so that we mitigate any breaches."


PostPosted: Thu Aug 27, 2015 1:27 pm
 


Quote:
Asked by the Washington Examiner how California had managed to avoid any major breaches of their computer systems to date, Howle responded, "I really don't have an answer to that question."


I have an answer:

We wouldn't even KNOW if we'd had a major data breach!!!

There are effectively no controls over people using their own USB devices to download massive amounts of data to use outside of the state's networks and anyone mentioning the idea of locking these things down is seen as an annoyance or as an impediment to getting work done.

People who travel to China and other countries that routinely spy on the US do so with their remote access accounts left enabled and there's no way to tell if the spy agencies of these countries have compromised people who have permission to be on these networks.

In too many state agencies anyone off the street can just walk into an office and walk around, find a computer that's been left logged on while someone is on break or at lunch and then do whatever they want. There is really no need to hack these state agencies because it's just too easy to walk in and gain access.

Contractors and building maintenance people often have unfettered access to highly secure areas such as LAN rooms, data centers, and IDF closets and would have no problem at all accessing networks from these physical locations.

People who have laptops frequently have their user names and passwords on a Post-It note right next to the track pad of their laptop and then they lose these devices all too often. Encryption practices end up being pointless because of this kind of thing.

Social engineering hacks are almost unstoppable at agencies that don't authenticate their users when they call an IT help desk for a password reset. Just call and ask for a password for (pick a name) and if they're an active employee you'll likely get a password to the network.

Shit...no one needs to do anything as dramatic as hacking when all you have to do is make a phone call and ask for a password.

~~~ frustrated ~~~ :|


PostPosted: Thu Aug 27, 2015 2:58 pm
 


BartSimpson wrote:
~~~ frustrated ~~~ :|


I hear ya! I read a similar story too, and thought "Bart is fucked!". :(

